frame horse symptoms verified


FF (Firefox) IFRAME is not afraid, then no problem do not hang horse

in FF

so, as long as the IE prevents the execution of the IFRAME statement, then the horse is no horse,

I just wrote a code and got it, ha, ha ha. It’s the attribute e­ in the IE only (unique) CSS; xpression, try it in, and sure enough, the IFRAME doesn’t work.


code is as follows:



prefix: e­ xpression (expression);

The prefix

is to change the above named " v" for example, I can change: abc123:e­ xpression (this.src=’about: blank’this.outerHTML=”); Trojan guy look at this prefix in your CSS, then when the horse written in this way, the prefix must be the same as you the website (abc123), can be linked to the horse, ha ha ha! If the prefix made dynamic, very OK, to see how you hung



can solve some webmaster trouble, no need to pay attention to how many IFRAME Trojan horse, those IFRAME are not effective;

protects the visitor’s security, and these IFRAME do not execute without downloading, and will not disrupt access to the computer;

code is simple, just a CSS style, regardless of whether you are ASP, ASP.NET, JSP, PHP or RUBY, are universal;


is only suitable for defending the current hang IFRAME scheme;

allows people to change the way the horse, the horse can construct such a code to make my defense failure, but the horse must all see my CSS e­ the " xpression front; v" I can change into any letters, such as: xgz:e­ xpression (…), ha ha ha. He also did not get my way, again, if I change the prefix, is also a *_*

cannot defend other markers of horses, such as

in addition to a solution – this program does not know the tube does not work, did not try, the method is as follows:

at the end of the page to add

, and then use CSS to control its display, such as: XMP {;